#!/bin/bash
#2021-12-12 cnetos7+
# Core=`cat /proc/cpuinfo |grep "physical id"|sort |uniq|wc -l`
Geturl="https://mirror.cnop.net"
echo "Cpu core number $(nproc)"
echo -e "\033[32m Enter a nginx path( Default /usr/local/openresty ):   \033[0m"
read Dir
if [ -z "$Dir" ]; then
  echo -e "\033[32m  Using the default path /usr/local/openresty :\033[0m"
  Dir=/usr/local/openresty
  echo $Dir
else
  echo -e "\033[32m Your input $Path :\033[0m"
  echo $Dir
fi

if [ -e $Dir ]; then
#Folder name exists in system
echo -e "\033[32m Ready to Install.   \033[0m"
else
#Folder name no exists in system
echo -e "\033[32m Create $Dir   \033[0m"
mkdir $Dir
fi

#nginx_version
echo " " && echo -e "\033[32m Please enter a nginx version using Numbers instead: \033[0m"
echo -e "\033[32m 1.openresty-1.19.9.1 (Default)  \033[0m"
echo -e "\033[32m 2.openresty-1.19.3.2    \033[0m"
echo -e "\033[32m 3.openresty-1.19.3.1   \033[0m"
read Vname
case $Vname in
1|'')
    echo openresty-1.19.9.1
	Vname=openresty-1.19.9.1
    ;;
2)
    echo openresty-1.19.3.2
	Vname=openresty-1.19.3.2
    ;;
3)
    echo openresty-1.19.3.1
	Vname=openresty-1.19.3.1
    ;;
esac
#nginx_waf
echo " " && echo -e "\033[32m Enter y or n to determine whether to install Waf (default Y): \033[0m"
read Waf
case $Waf in
y|Y|'')
   Waf=1
    ;;
n|N)
   Waf=0
    ;;
esac

if [ "$Waf" = "1" ]; then
echo " " && echo -e "\033[32m Please select a waf: \033[0m"
echo -e "\033[32m 1.openwaf  \033[0m"
echo -e "\033[32m 2.waf-1.0.1 (Default)  \033[0m"
read Wafversion
else
echo “”
fi

echo -e "\033[32m Installing libraries ... \033[0m"
yum -y install epel-release perl pcre pcre-devel libtool openssl openssl-devel curl unzip wget zip lib gcc gcc-c++ wget GeoIP-devel swig make perl-ExtUtils-Embed readline-devel zlib zlib-devel

Version=`cat /etc/redhat-release |grep "CentOS Linux release 7"`
#Firewalld=`ps -ef|grep "/usr/sbin/firewalld"`

useradd www
echo -e "\033[32m Download $Vname.tar.gz: \033[0m"
cd /opt  && wget $Geturl/web/openresty/$Vname.tar.gz
tar zxvf $Vname.tar.gz && cd $Vname && echo "$Vname"

if [ "$Wafversion" = "1" ] ; then
wget $Geturl/web/module/OpenWAF-master.zip && unzip OpenWAF-master.zip
mv /opt/$Vname/OpenWAF-master /opt/OpenWAF
#cp OpenWAF-master/lib/openresty/ngx_openwaf.conf /etc
cp /opt/$Vname/configure /opt/$Vname/configure.bak && cp /opt/OpenWAF/lib/openresty/configure /opt/$Vname
cp -r /opt/OpenWAF/lib/openresty/* /opt/$Vname/bundle/
chown -R www.www /opt/OpenWAF
else
echo ""
fi
# security_mode
cd /opt/$Vname
./configure --user=www --group=www --prefix=$Dir --with-pcre --with-stream --with-threads --with-file-aio --with-http_v2_module --with-http_ssl_module --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module && gmake && gmake install

if [ "$Wafversion" = "2" ] || [ "$Wafversion" = "" ]; then

cd /opt && wget $Geturl/web/module/waf-1.0.1.tar.gz && tar zxvf waf-1.0.1.tar.gz
cd waf-1.0.1 && cp -r waf $Dir/nginx/conf
cd $Dir/nginx/conf && mv nginx.conf nginx.conf.bak && wget $Geturl/web/openresty/nginx.conf
ln -s $Dir/lualib/resty/ $Dir/nginx/conf/waf/resty
sed -i "s@/usr/local/openresty@$Dir@g" nginx.conf
sed -i "s@/usr/local/openresty@$Dir@g" $Dir/nginx/conf/waf/config.lua
sed -i "s@/tmp@$Dir/nginx/logs@g" $Dir/nginx/conf/waf/config.lua

chown -R www.www $Dir
else
echo ""
fi

# if [ "$Wafversion" = "1" ] ; then
# mv /opt/$Vname/OpenWAF-master $Dir/nginx/openwaf
# mv $Dir/nginx/conf/nginx.conf $Dir/nginx/conf/nginx.conf.bak 
# cp $Dir/nginx/openwaf/lib/openresty/ngx_openwaf.conf $Dir/nginx/conf/nginx.conf
# sed -i "s@/usr/local/openresty@$Dir@g" $Dir/nginx/conf/nginx.conf
# sed -i "s@/opt/OpenWAF@$Dir/nginx/openwaf@g" $Dir/nginx/conf/nginx.conf


# else
# echo ""
# fi

ln -sf $Dir/nginx/sbin/nginx /usr/local/bin/nginx
ln -sf $Dir/nginx/sbin/nginx /usr/sbin/nginx
cd /etc/init.d && wget $Geturl/web/openresty/openresty && mv openresty nginx 
sed -i "s@/usr/local/openresty@$Dir@g" nginx && chmod +x nginx
if [ ! -n "$Version" ]; then 
#for centos 7-
#echo -e "\033[32m  Seting firewall for centos ... \033[0m"
#iptables -I INPUT -p tcp -m multiport --dports 80 -j ACCEPT
#service iptables save 
#service iptables restart  
echo -e "\033[32m starting nginx... \033[0m"
service nginx start
echo "service nginx start" >>/etc/rc.d/rc.local
chmod +x /etc/rc.d/rc.local

else  
#for centos 7
#if [ ! -n "$Firewalld" ]; then 
#echo "Skip firewall."
#else
#firewall-cmd --zone=public --add-port=80/tcp --permanent
#echo -e "\033[32m Restart firewall ... \033[0m"
#systemctl restart firewalld.service
#fi
echo -e "\033[32m starting nginx... \033[0m"
chkconfig --add nginx && systemctl daemon-reload && /sbin/chkconfig  nginx on && systemctl start nginx.service
fi

sleep 3
Url=http://127.0.0.1
Code=`curl -I -m 10 -o /dev/null -s -w %{http_code}  $Url`
if [ $Code = "200" ]; then
#url visit ...
ps -ef|grep nginx
echo -e "\033[32m install  is succeed.\033[0m"
else
echo -e "\033[31m Error : Do not start the nginx. \033[0m"
fi